Elias Levy said:
>> 7) If a voting member votes on a candidate for a security problem
>> found in a product owned by a competing organization, then that
>> member's vote cannot be counted towards the Quorum, unless the
>> competing organization has publicly acknowledged the problem.
>
>Thats silly. So if NAI had not acknowledged the problem in Gauntlet
>then almost none of the vendor members of the CVE board could vote.
This issue was brought up at the AXENT meeting, so that's why this
bullet is here. But now I don't recall the precise reasons why some
of the vendors wanted this, though I thought it had to do with
"conflict of interest." Note that it's not just security vendors who
suggested this. David LeBlanc and Jim Magdych, not to single you out,
but I believe you were strong proponents of this approach?
As Elias points out, it does narrow down which members can vote on the
problem, especially if the notion of "competitor" is applied broadly.
However, as we continue to expand the diversity of the Board, this may
become less of a problem.
- Steve